Roles & Permissions
Treatlly uses role-based access control (RBAC) to ensure each user sees only what they need. Permissions are enforced at both the UI and API levels.
Role Summary
| Role | Scope | Key Permissions |
|---|---|---|
| Super Admin | Platform-wide | Manage all tenants, pricing versions, plans, add-ons, usage limits, broadcasts, system settings |
| Tenant Admin | Single clinic | Full clinic management — doctors, staff, locations, billing, upgrades, add-ons, CMS, API keys |
| Doctor | Own data | View own appointments, manage schedule, view earnings, customize prescription layout |
| Receptionist | Clinic front desk | Book/cancel appointments, register patients, process payments, upload prescriptions |
| Accountant | Clinic finances | View invoices, revenue reports, payment tracking, subscription billing, usage reports |
| Patient | Own data | Book appointments (walk-in & teleconsultation), manage family, view prescriptions, download receipts |
How Permissions Work
- Each action is guarded by a policy that checks the user's role
- Navigation menus adapt automatically based on role
- API endpoints enforce the same permissions
- Tenant Admin can invite staff and assign roles
Multi-Location Access
Receptionists and doctors can be assigned to specific locations. They only see appointments and patients for their assigned locations.
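The sketch below is an added example, not Treatlly's own code. It shows how a deny-by-default policy can combine the role check from "How Permissions Work" with tenant, location, and own-data scoping from the Role Summary and "Multi-Location Access". The action names, the `User` and `Appointment` classes, and the `can` function are hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass

# Hypothetical action names, condensed from the Role Summary table.
ROLE_ACTIONS = {
    "tenant_admin": {"appointment.view", "appointment.book", "appointment.cancel"},
    "doctor": {"appointment.view"},
    "receptionist": {"appointment.view", "appointment.book", "appointment.cancel"},
    "accountant": {"invoice.view"},
    "patient": {"appointment.view", "appointment.book"},
}
LOCATION_SCOPED_ROLES = {"doctor", "receptionist"}

@dataclass(frozen=True)
class User:
    id: int
    role: str
    tenant_id: int
    location_ids: frozenset = frozenset()

@dataclass(frozen=True)
class Appointment:
    tenant_id: int
    location_id: int
    doctor_id: int
    patient_id: int

def can(user: User, action: str, appt: Appointment) -> bool:
    """Deny by default: role, tenant, location and ownership must all pass."""
    if action not in ROLE_ACTIONS.get(user.role, set()):
        return False  # role lacks the permission (or role is unknown)
    if user.tenant_id != appt.tenant_id:
        return False  # never cross clinic boundaries
    if user.role in LOCATION_SCOPED_ROLES and appt.location_id not in user.location_ids:
        return False  # staff see only their assigned locations
    if user.role == "doctor" and appt.doctor_id != user.id:
        return False  # "own data" scope for doctors
    if user.role == "patient" and appt.patient_id != user.id:
        return False  # "own data" scope for patients
    return True

# Constructed sample records.
APPT_LOC1 = Appointment(tenant_id=1, location_id=1, doctor_id=20, patient_id=30)
APPT_LOC2 = Appointment(tenant_id=1, location_id=2, doctor_id=20, patient_id=30)
RECEPTIONIST = User(10, "receptionist", 1, frozenset({1}))
DOCTOR = User(20, "doctor", 1, frozenset({1}))
OTHER_DOCTOR = User(21, "doctor", 1, frozenset({1}))
OTHER_CLINIC_ADMIN = User(1, "tenant_admin", 2)
```

Calling the same `can` function from both the menu renderer and the API handler keeps the two enforcement points consistent; the API check is the one that must hold even if the UI is bypassed.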